Operation Desert Eagle
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | b581fff9-3c4d-4b7e-b523-631eb61228d4 |
| Fingerprint | 356d423089814f49 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 6, 2017, 5:13 p.m. |
| Added to db | Jan. 18, 2023, 7:58 p.m. |
| Last updated | Nov. 15, 2024, 12:35 p.m. |
| Headline | Malware Party |
| Title | Operation Desert Eagle |
| Detected Hints/Tags/Attributes | 38/2/29 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://mymalwareparty.blogspot.tw/2017/07/operation-desert-eagle.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 57 | www.clearskysec.com |
|
| Details | Domain | 39 | xxx.xxx.xxx.xxx |
|
| Details | Domain | 3 | wiknet.wikaba.com |
|
| Details | Domain | 1 | wiknet.moo.com |
|
| Details | File | 2 | dustysky_tlp_white.pdf |
|
| Details | File | 4 | checkversion.php |
|
| Details | File | 1 | explorer.vbs |
|
| Details | File | 1 | news.url |
|
| Details | File | 1 | c:\users\user\appdata\roaming\microsoft\windows\startmenu\programs\startup\explorer.vbs |
|
| Details | File | 1 | c:\checkversion.php |
|
| Details | File | 3 | system.ps1 |
|
| Details | File | 18 | 1.ps1 |
|
| Details | md5 | 1 | a856f56fec6abdc3a93c3715be1567e5 |
|
| Details | md5 | 1 | 4cbebeda71dceb9914a21d06e22223af |
|
| Details | md5 | 1 | e69206a709a80133aebf55153847a6b2 |
|
| Details | md5 | 1 | 91d0770261df8a1b3eba61483fdb255c |
|
| Details | md5 | 1 | b241ae467006667eca4c2619855f5377 |
|
| Details | md5 | 1 | 278440a46195ba8fa628460530e601ed |
|
| Details | md5 | 2 | ea406ea60a05afa14f7debc67a75a472 |
|
| Details | md5 | 2 | 1c64b27a58b016a966c654f1fdf4c155 |
|
| Details | md5 | 1 | c8ab6e29d76d43268a5028f17fe4f48e |
|
| Details | md5 | 2 | 2a7e0463c7814465f9a78355c4754d0a |
|
| Details | md5 | 1 | d01ff6f0bfb1b515e8ba10a453c74d53 |
|
| Details | md5 | 1 | 9bda0be7b30155c26c9236cbac731dbd |
|
| Details | sha1 | 1 | 906a89289a30dbef36b157600fac11f0f04e4684 |
|
| Details | IPv4 | 3 | 104.200.67.190 |
|
| Details | Url | 1 | http://www.clearskysec.com/wp-content/uploads/2016/01/operation |
|
| Details | Url | 1 | https://gist.githubusercontent.com/0lol0/e69206a709a80133aebf55153847a6b2/raw/906a89289a30dbef36b157600fac11f0f04e4684/system.ps1 |
|
| Details | Windows Registry Key | 1 | HKU\...\Software\Microsoft\KeyName |